Many thanks for this. Ok, simple enough ... I appreciate you both writing
such a good post.
Question though related to internet access and multiple sites.
Let's say we have R1 and R2, just as you have them above. How does each
router know to keep traffic for each VRF? I do not see labels being used in
the configs you provide ...
It appears that VRF lite requires dedicated links for forwarding and keeping
the route updates separate.
I know I am mixing technologies here with this next question, but just
curious about this ...
When I have a CE and have segmented multiple customers off of this CE, how
does the uplink / PE know which traffic goes to and from each customer VRF?
I need to inform the PE of which routes to send to the CE and to which VRF
... perhaps this is not possible w/ VRF lite.
Joe - I would imagine that VRF Lite works well with dot1x sub interfaces.
The link I found previously was somewhat of a mix of regular MPLS VPNs, and
CSC ... where the CSC configs required the sending of labels, and treated
this CE device like a customer PE.
Understand my confusion when I was reading this? ;-)
VRF lite reminds me a little of private VLANs ... these are similar IMO.
Although ... w/ VRF lite, I do not see the configuration of a promiscuous
port ... how to uplink multiple customer VRFs?
Also, on a side note, this would be an odd thing to add to the lab IMO
...
Many TIA,
Andrew
On Tue, Sep 15, 2009 at 4:37 PM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
> The way I understand it, VRF-Lite is basically VRFs but without the BGP to
> transport the routes. Also, there seems to be a stressing of using switches
> to trunk to router sub-interfaces for different VRFs.
>
>
> On Tue, Sep 15, 2009 at 4:28 PM, Piotr Matusiak <piotr_at_ccie1.com> wrote:
>
>> Hi,
>>
>> Believe it or not, for me VRF lite is only a 3-command feature:
>> #ip vrf <name>
>> #rd <asn:nn>
>> #ip vrf forwarding <name>
>>
>> The rest of the commands only support prefix delivery, in my opinion.
>> Take a look at the following config and decide if this is VRF Lite or not
>> :)
>>
>> Topo: R1 ==== R2 (two links, each in separate VRF)
>>
>> R1 config:
>>
>> ip vrf CUST1
>> rd 1:1
>> !
>> ip vrf CUST2
>> rd 2:2
>>
>> interface Loopback0
>> ip vrf forwarding CUST1
>> ip address 1.1.1.1 255.255.255.0
>> !
>> interface Loopback1
>> ip vrf forwarding CUST2
>> ip address 11.11.11.11 255.255.255.0
>> !
>> interface FastEthernet0/0
>> ip vrf forwarding CUST1
>> ip address 10.1.12.1 255.255.255.0
>> !
>> interface FastEthernet0/1
>> ip vrf forwarding CUST2
>> ip address 10.1.21.1 255.255.255.0
>> !
>> router rip
>> version 2
>> no auto-summary
>> !
>> address-family ipv4 vrf CUST2
>> network 10.0.0.0
>> network 11.0.0.0
>> no auto-summary
>> exit-address-family
>> !
>> address-family ipv4 vrf CUST1
>> network 1.0.0.0
>> network 10.0.0.0
>> no auto-summary
>> exit-address-family
>> !
>>
>> R2 config:
>>
>> ip vrf CUST1
>> rd 1:1
>> !
>> ip vrf CUST2
>> rd 2:2
>> !
>> interface Loopback0
>> ip vrf forwarding CUST1
>> ip address 2.2.2.2 255.255.255.0
>> !
>> interface Loopback1
>> ip vrf forwarding CUST2
>> ip address 22.22.22.22 255.255.255.0
>> !
>> interface FastEthernet0/0
>> ip vrf forwarding CUST1
>> ip address 10.1.12.2 255.255.255.0
>> !
>> interface FastEthernet0/1
>> ip vrf forwarding CUST2
>> ip address 10.1.21.2 255.255.255.0
>> !
>> router rip
>> version 2
>> no auto-summary
>> !
>> address-family ipv4 vrf CUST2
>> network 10.0.0.0
>> network 22.0.0.0
>> no auto-summary
>> exit-address-family
>> !
>> address-family ipv4 vrf CUST1
>> network 2.0.0.0
>> network 10.0.0.0
>> no auto-summary
>> exit-address-family
>>
>>
>> TEST:
>>
>> R1#sh ip ro vrf CUST1 rip
>> 2.0.0.0/24 is subnetted, 1 subnets
>> R 2.2.2.0 [120/1] via 10.1.12.2, 00:00:09, FastEthernet0/0
>> R1#
>>
>> R1#sh ip ro vrf CUST2 rip
>> 22.0.0.0/24 is subnetted, 1 subnets
>> R 22.22.22.0 [120/1] via 10.1.21.2, 00:00:06, FastEthernet0/1
>>
>> R1#ping vrf CUST2 22.22.22.22 so lo1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
>> Packet sent with a source address of 11.11.11.11
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/20/44 ms
>> R1#
>>
>>
>>
>> --
>> Piotr Matusiak
>> CCIE #19860 (R&S, SEC)
>>
>> 2009/9/15 ALL From_NJ <all.from.nj_at_gmail.com>:
>> > Hey folk,
>> >
>> > I have not done vrf lite before ... and I found some docs related to mpls
>> > lite, but am not able to find much on the doc cd. Here is what I found:
>> >
>> > http://www.cisco.com/en/US/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html
>> >
>> > Any better links than the one above? This seems to be a bit dated and not
>> > all the commands work ...
>> >
>> > Notes on VRF Lite:
>> > - VRF Lite appears to be plain MPLS VPNs configured, with the send-label
>> > command on the PEs, and MPLS configured between PE and CE. Any other
>> > thoughts?
>> >
>> > Also, I am looking for some additional lab ideas on MPLS VPNs ...
>> > configuring them is not too hard, and tshooting my own screwups has been
>> > entertaining. I am looking for some ideas on ways to make this better.
>> >
>> > The config examples are pretty easy to follow in case we get hung up on a
>> > task ...
>> >
>> > http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn_ps6350_TSD_Products_Configuration_Guide_Chapter.html
>> >
>> > Many TIA,
>> >
>> > --
>> > Andrew Lee Lissitz
>> > all.from.nj_at_gmail.com
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>
>
> --
> Regards,
>
> Joe Astorino - CCIE #24347 R&S
> Technical Instructor - IPexpert, Inc.
> Cell: +1.586.212.6107
> Fax: +1.810.454.0130
> Mailto: jastorino_at_ipexpert.com
>
--
Andrew Lee Lissitz
all.from.nj_at_gmail.com

Received on Wed Sep 16 2009 - 00:04:11 ART
This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART
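
Added example (editor's illustration, not code from any poster in the thread): a small Python model of how the R1 configuration quoted above keeps CUST1 and CUST2 traffic apart without labels. The ingress interface's `ip vrf forwarding` binding selects the table, and the lookup never leaves that table. Only connected routes are modelled; the function names are hypothetical.

```python
import ipaddress
import re

# R1 interface stanzas copied from the config quoted in the thread.
R1_CONFIG = """\
interface Loopback0
 ip vrf forwarding CUST1
 ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
 ip vrf forwarding CUST2
 ip address 11.11.11.11 255.255.255.0
!
interface FastEthernet0/0
 ip vrf forwarding CUST1
 ip address 10.1.12.1 255.255.255.0
!
interface FastEthernet0/1
 ip vrf forwarding CUST2
 ip address 10.1.21.1 255.255.255.0
"""

def parse_bindings(config):
    """Return {interface: (vrf, connected network)}; vrf None means global table."""
    bindings, name, vrf = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            name, vrf = m.group(1), None
        elif m := re.match(r"ip vrf forwarding (\S+)", line):
            vrf = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            bindings[name] = (vrf, net)
    return bindings

def forward(ingress_if, dst, bindings):
    """Select the table by ingress interface, then match only inside that VRF."""
    vrf = bindings[ingress_if][0]
    dst = ipaddress.ip_address(dst)
    hits = [(net, ifname) for ifname, (v, net) in bindings.items()
            if v == vrf and dst in net]
    egress = max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None
    return vrf, egress

BINDINGS = parse_bindings(R1_CONFIG)
# A packet arriving on the CUST1 link can reach CUST1's loopback ...
print(forward("FastEthernet0/0", "1.1.1.1", BINDINGS))
# ... but CUST2's loopback does not exist in the CUST1 table at all.
print(forward("FastEthernet0/0", "11.11.11.11", BINDINGS))
```

An interface stanza with no `ip vrf forwarding` line comes back with `vrf` set to `None`, which is the case to look for when auditing a VRF-lite box for interfaces left in the global table.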